On Sunday an exhibition opened at a Brooklyn art house in New York that has caught the attention of digital privacy advocates from all around the globe. Photographer Curtis Wallen’s glorious collection of photographs, entitled simply – ‘Proposition For An On Demand Clandestine Communication Network’ – is a journey into his decision to, and experience of, making what he believes was a completely anonymous phone call in today’s age of universal surveillance.
What he actually manages to create is an incredibly involved and complex guide for making a single clandestine phone call, that an average person can mull over with amusement, whilst thinking to themselves ‘oh boy, there is no chance that I am ever going to make an anonymous phone call’. In fact, the whole concept behind Wallen’s phone call is amusingly similar to the end of the movie Horrible Bosses 2, in that it is so convoluted and multifaceted that it leaves one giggling, while thinking, ‘yes that might just work!’ – only unlike in the movie where things go horribly wrong, this would actually work.
You see, while Curtis Wallen isn’t exactly a security expert, what he does have is some experiential background knowledge in anonymous opsec. In 2013 he went on Tor, and using Bitcoins created for himself a functioning fake identity – complete with a fake driver’s license, Social Security number, insurance card, and even identifying correspondences like cable bills… voila! Aaron Brown was born, and he even had his own Twitter account!
Compared with your average citizen, then, Mr Wallen has actually got a reasonable amount of applied knowledge in the field of internet and digital privacy, which makes him a reasonably able person to undertake this particular artistic journey, and although the reputable antivirus and expert security company Kaspersky says that his methods ‘are subject to technical analysis and their efficacy debatable,’ on the whole we can see nothing wrong with his methods – as ridiculous, pointless and humorous as they might actually be.
So how did Curtis Wallen make a completely anonymous phone call? Lets delve into his new exhibition and take a closer look…
Firstly he bought a Faraday Cage style conductive wire mesh bag, which in theory keeps whatever contents you put in it protected from outside electronic influence – good start. He then went out and bought (also with cash) a prepaid, contract-less, pay-as-you-go phone (sometimes referred to as a ‘burner’ phone from their name on the popular HBO series The Wire). With the new anonymous phone safely placed in the Faraday bag, Wallen went to what he calls an ‘anchor point.’
Behaviorally speaking we all have these anchor points – places such as our home or our place of work where we inevitably remain for extended periods of time, and where it is therefore not unusual for our contract mobile phone to sit in one locale for lengthy periods. Wallen calls these ‘dormant periods.’
In the weeks leading up to making his photographic commentary on modern life, Wallen analyzed his own movements carefully – creating for himself a database of anchor points and dormant periods. When it was time to activate his new ‘burner’ phone he left his usual contract phone at an anchor point (making it look like he was in his usual place) and set off with his new phone in its Faraday bag.
If they had been available (and not just a prototype), he could have worn some of AVG’s new anti-facial-recognition-software detecting glasses to make absolute certain of not being flagged up by one of the hundreds of CCTV cameras in the big apple – but instead he went by foot to avoid his car’s license plates being spotted and alerting government intelligence agencies to the fact that he was not really at his ‘anchor point’.
Next, he activated his new mobile phone on a public WiFi access point using a computer with a clean operating system such as Tails. In this way the mobile phone was not attached to any person’s name or billing information, and in theory the phone could not be connected to anyone’s computer. He then left the activated phone in the Faraday bag at the non-anchor point, and went back to rendezvous with his contract phone. So far, so good.
Now Wallen had to get a covert message to his would be caller. For this he used a one time pad encryption tool to send a message from an anonymous Twitter account that he accessed via Tor. He sent the message using a fairly light form of encryption that sets up a one time key which only the recipient knows (fearful that using a more robust encryption style might flag him up as a possible suspect.) Wallen felt that this method would allow him to get the clandestine phone’s number and the time that he wished the call to take place to his partner, without unnecessarily flagging himself up on any systems. As Wallen told Fast company in the run up to undertaking his project,
‘Central to good privacy, is eliminating or reducing anomalies that would pop up on surveillance radars, like robust encryption. So, I’ve prearranged an account where I’m going to post an encrypted message, and that message comes in the form of a “random” filename, someone can see that image posted to a public Twitter account, and write down the filename — to decrypt by hand — without ever actually loading the image.’
Finally, of course, Wallen left his contract phone at one of his anchor points during the agreed dormant period, and went to get his clandestine phone out of the Faraday bag. The call from his partner arrived, Wallen answered the phone, and his mission was accomplished – a completely anonymous phone call (from his side anyway, because we never actually get to know where his ‘friend’ called him from, and for all we know his ‘friend’ could have called him from the head of the NSA’s personal cell phone!)
In fact, the famous security researcher best known as “the grugq” described Wallen’s process as ‘technically secure, but probably fragile in practice’ and ‘possibly too complex and too fragile for real world use.’
All in all, however, Wallen has managed to put together a fun, contemporary, and thought provoking work of photographic art, that has managed to get the digital security community chatting, and in our view anything that raises awareness of the very real issues surrounding digital privacy is a real winner. So we would like to extend the courtesy of a ‘well done’ to Curtis Wallen from everyone here at Best VPN… Keep up the good work.